CVE-2026-2291

A heap buffer overflow was discovered in dnsmasq's DNS cache. When processing DNS responses, dnsmasq expands certain characters into longer escape sequences, but the cache buffer is not sized to hold the expanded result. A specially crafted DNS response can overflow this buffer, potentially...

CVE-2025-13601 Glib: integer overflow in in g_escape_uri_string()

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

Security update for editorconfig-core-c

This update for editorconfig-core-c fixes the following issues: CVE-2024-53849: stack buffer overflow and pointer overflow when handling escaped characters. bsc1233815 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

SUSE CVE-2024-53849

editorconfig-core-c is theEditorConfig core library written in C for use by plugins supporting EditorConfig parsing. In affected versions several overflows may occur in switch case '' when the input pattern contains many escaped characters. The added backslashes leave too little space in the outp...

UBUNTU-CVE-2024-53849

editorconfig-core-c is theEditorConfig core library written in C for use by plugins supporting EditorConfig parsing. In affected versions several overflows may occur in switch case '' when the input pattern contains many escaped characters. The added backslashes leave too little space in the outp...

CVE-2024-53849

editorconfig-core-c is theEditorConfig core library written in C for use by plugins supporting EditorConfig parsing. In affected versions several overflows may occur in switch case '' when the input pattern contains many escaped characters. The added backslashes leave too little space in the outp...

CVE-2024-53849

The CVE-2024-53849 issue affects editorconfig-core-c (EditorConfig core library in C) where multiple escaped characters in input patterns can trigger stack/pointer overflows in the '[' handling during parsing. The root cause is that added backslashes reduce available space in nested-bracket outpu...

CLSA-2023-1697575950 Fix CVE(s): CVE-2023-4504

SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2023-4504.patch: check for end of buffer if there is an escaped character - CVE-2023-4504...

CVE-2023-2831 Denial of Service while unescaping a Markdown string

Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters...

CVE-2023-28487

Sudo before 1.9.13 does not escape control characters in sudoreplay output...

CVE-2022-31739

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.This bug only affects Firefox for Windows. Other operating systems are unaffected.. This...

Chicken 操作系统命令注入漏洞

Chicken is a compiler for the Scheme programming language. A security vulnerability exists in Chicken egg-compile.scm that originates from allowing arbitrary operating system commands to be executed via escaped characters in .egg files during package installation...

Insecure Signature Verification

jsrsasign is vulnerable to insecure signature verification. The vulnerability exists because the library does not properly validate the JWS or JWT signature with non-Base64URL encoding special characters or number escaped characters such as !@$% or \11...

Improper masking of some secrets in Jenkins Credentials Binding Plugin

Credentials Binding Plugin allows specifying passwords and other secrets as environment variables, and will hide them from console output in builds. As a side effect of the fix for SECURITY-698, $ characters in secrets are escaped to $$. This will then be expanded to $ again once the secret is...

Mozilla Firefox Security Advisory (MFSA2015-129) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

istio/istio: HTTP request with escaped slash characters can bypass authorization mechanisms

An authorization bypass flaw was found in Istio. This flaw allows an attacker to craft an HTTP request that defines a certain pattern of escaped characters in the URI path such as %2F, %2f, %5C, or %5c, allowing them to bypass the authorization service. The highest threat from this vulnerability ...

CVE-2021-31920

An authorization bypass flaw was found in Istio. This flaw allows an attacker to craft an HTTP request that defines a certain pattern of escaped characters in the URI path such as %2F, %2f, %5C, or %5c, allowing them to bypass the authorization service. The highest threat from this vulnerability ...

CVE-2021-29492

An authorization bypass vulnerability was found in envoyproxy/envoy. An attacker can potentially craft an HTTP request that defines a certain pattern of escaped characters in the URI path such as %2F, %2f, %5C or %5c, allowing them to bypass the envoy authorization service. The highest threat fro...

Path traversal

An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server...

CVE-2020-12737

An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server...